Whitman Enters Uncharted Waters in the Digital Realm
October 12, 2017
Whitman College is updating the Tech Services Privacy Policy. Most recently revised in 2006, the new draft will receive input from faculty, staff, administrators, and the College’s Information Security Officer, Linc Nesheim. The changes raise questions about the ways in which Whitman College will walk the fine line between security and privacy as more and more of the Collegiate functions move to the digital realm.
Nesheim works in the newly renovated Technology Center across the street from College House, on the corner of Main & Tukanon. He has been in Walla Walla since August of 2017. Before moving joining Whitman, Nesheim lived in Bellingham, working for Clarus Fluid Intelligence, a company contracting with the U.S. Navy, as well other industries. As his title suggests, Nesheim is primarily concerned with Information Security on campus.
“That’s where the action is at. Information security is a broad industry and its been around for a number of years, but it’s still relatively new in the grand scheme of the IT industry. My job is to make sure that all of the data that Whitman has, is processed correctly and protected. Confidentiality, integrity, and availability,” Nesheim said.
Nesheim and a combination of other staff members in the Technology Center protect the College’s data, which encompasses a lot. “Your term paper, your grades, your mailing address, all of these things. There are thousands of these information assets and we pay attention to all of these,” Nesheim explained.
Through a complex system of firewalls, Whitman protects its’ data through what Nesheim calls “layers of the onion.” These layers make it extremely difficult for someone who manages to bypass one firewall to breach multiple systems, or even get access to all of the data from one system.
This is the security side of the coin; the Technology Center works tirelessly to protect the College’s data, but in that effort, threats to student privacy inevitably arise. Mediating this tension is the Technology Services Privacy Policy, available on Whitman’s website.
Broken into three sections, the policy begins by stating “the College is committed to protecting the privacy of the Whitman Community”, before outlining the scenarios which would require the College to violate that privacy. Namely, if “it is fundamentally necessary for the functioning of the College’s IT or electronic infrastructure or, there is clear evidence suggesting that the security and/or the integrity of the system is being compromised.”
Daren Mooko, Whitman’s Dean of Students, explained that “‘fundamentally necessary’ usually means cases where the College will comply with local, state, or federal law enforcement should we be ordered by the court or complying with an investigation. ‘Fundamentally necessary’ would also include complying with any investigation where college policies are alleged to have been violated.”
Nesheim added, “this language is here to say that there is a lot of data that exists just as a side effect of how the internet works, and we have a lot of that… We are not the content police. Everyone in this building is privacy first.”
Protecting student privacy is central not only to Tech Services, but also to Whitman staff in Memorial Hall. “With technology advancing so quickly, I believe we all need to be more vigilant about protecting our privacy. On a college campus, privacy doesn’t look all that different for me. Students, faculty, and staff all have a certain right to privacy with respect to their relationship to the College,” Mooko said.
The Privacy Policy covers Email, academic research, grades, and so much more under the Whitman.edu domain. “There are literally hundreds of servers that make up the thing that students think of as Whitman.edu. There is a database server holding your grades, a server used to verify your username and password, a server to use CLEo, and so many more.” Linc continued, “Whitman invests a lot in their technical systems.”
Though there is the potential of widespread surveillance, Nesheim is clear the the College does not violate the Privacy Policy. “We consider [your activity on whitman.edu] by and large your property, although it is a Whitman provided service. I lose my job if I go snooping through your email, unless it meets the [the standards outlined in the Privacy Policy].”
With the policy in flux, however, this could be subject to change. As it stands the Privacy Policy is the only protection afforded to students, faculty and staff interested in protecting their data. Already vague, now thrust into limbo, the Privacy Policy is hardly stable ground to stand on. As the Whitman Community moves into the drafting process, the central questions must concern not only existing protocol, but additionally potential reach of the systems in question. “I’m a computer guy. Ask any computer guy: “Is it possible that…?” The answer is yes without finishing the sentence,” Nesheim said.
L. Chao • Oct 19, 2017 at 3:13 am
I think that Mooko should be explicit about how students and faculty’s privacy would be violated and give examples of when it would be “necessary”, since “‘Fundamentally necessary’ would also include complying with any investigation where college policies are alleged to have been violated.”
If someone is accused of drinking underage, that’s a violation of campus policy. Does that mean that every email they have sent and received on the college’s servers can be read by the school staff? What if a student uses someone’s else’s card at the dining hall because they forgot their own or leaves the dorm door propped open? There are probably a hundred ways to violate campus policy: do all of them justify the college going through student and faculty email? I think that the college community has a right to get a clearer picture from Dean Mooko.